Hi ,

I've managed to get this to work in a lab but not in a live environment.

The spoke has two ISPs and the hub has a single ISP.

Two separate tunnels on the spoke are pointing to two separate tunnels on the hub.

A default route per ISP at the spoke end will not work as there are users going via the same router to access the internet, and one of the ISP links is faster than the other so one has to remain the primary internet connection.

The default routes are set up so that if one default route fails the other takes its place. In this scenario the second tunnel comes up but goes down when the original default route is restored.

In other words both tunnels are never up at the same time

Is there an example of the vrf scenario ?

The routing protocol I'm using across the network is OSPF

Many Thanks

Quite a few people setup vrf-lite. 

You can find example for both spoke and hubs. 

A couple external examples:

https://shaw38.wordpress.com/2010/04/20/internet-based-dmvpn-coming-through-your-front-door-vrf-that-is/

http://www.packetgeek.net/2013/11/dmvpn-with-vrfs-for-the-internet-interfaces-and-bgp/

Hi Marcin,

OK I managed to get this to work.

I have only set VRFs on the spoke.

However on the spoke I have a desktop lan that requires internet access as well as internal networks.

The internal networks can be seen via the tunnel interfaces, but I no longer have a default route in the global routing table to route the desktop lan out to the internet and I appear to be unable to add a static default route out either.

I can add "ip router 0.0.0.0 0.0.0.0  x.x.x.x" but it is not installed into the global routing table because I no longer see the outside interfaces in the global routing table.

Can you please advise as to how I can get the desktop LAN to route to the internet ?

Many Thanks

Vic, 

I'd keep that "main" ISP in global VRF, only put the one where you'd like to have DMVPN on in a specific one. 

Otherwise you will need to play with some sort of route leaking (it's not hard, but maybe too much for a small spoke?). 

M.

I'm afraid the two ISP links on that spoke have the following requirements:

1) To act as a main and standby DMVPN connection back to the hub carrying internal routes

2) To act as a main and standby ISP gateway for the desktop LAN hanging off the spoke.

3) To act as an incoming VPN hub for remote access.

So, some level of routing manipulation is required, but putting the routing into separate VRFs complicates the issue.

Vic, 

If you want active/standby your routing can be solved by SLA/track and using floating routes. The DMVPN source IP address would either be a loopback or change it using EEM (based on track information) for example. 

If active active is what you need you'd need to play with VRFs/BGP. :-)

M.

The problem is how do I get the outside ISP subnets into the global routing table in order for the desktop LAN to access them ?

When I configure VRFs, they are in the VRF and no longer in the global routing table so I am unable to point a default route into them.

Vic, 

I recently was playing with import and export IPv4 maps ... I think I needed 15.4/15.3 IOS though.

(In your case it's "export" under VRF, since you want to get it from VRF to global)

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/command/irg-cr-book/bgp-c1.html#wp5719557050

found a thread from couple of weeks back where I was demonstrating the import/export feature. 

https://supportforums.cisco.com/discussion/12464276/dmvpn-mpls-best-path-selection

There's also quite a few good external resources. 

M